Built from real-world experience

Modern endpoint management, without the fluff.

Field notes, deployment guidance and hard-earned lessons across Windows, Intune, Autopilot, Azure Virtual Desktop and the modern workplace.

The archive

Technical field notes

Mar 9, 2023

Windows Autopatch Customize Windows Update settings!

Well to start off this is an AMZING DAY for Windows Autopatch, today the Autopatch Team has released into Public Preview the ability to Customize Windows Update Settings in the Autopatch UX. This is a huge step forward for Admins and I know a highly requested feature for many current Autopatch customers. So let's dive

Read article →
Jan 19, 2023

So, Its Autopatch Expedited Releases

So wanted to take a few minutes to talk about Expedited release in Windows Autopatch. This is a function that flies a little under the radar as it's not something we use very often but when we need it, WE NEED IT!

Read article →
May 13, 2022

AD to AAD Join via Configuration Manager Task Sequence

So talking about the Task sequence built to facilitate AD to Hybrid Azure AD join I started with a task sequence because let's face it majority of on-premise enterprise environments are running SCCM and leveraging Task Sequences and Task Sequences are just an elegant way to execute what I was looking for.

Read article →
May 13, 2022

Azure AD Join Provisioning Package

Creating a Provisioning Package is a supported method to provide an unattended method to Join a device to Azure AD, as you have probably noticed if you have spent time looking into options there aren't many supported options other than manually with in windows or through a process like Autopilot.

Read article →
May 13, 2022

Active Directory Join to Azure AD Join

So this is an interesting topic and one I have to be clear This is not a Microsoft supported process today (Though all the steps on their own are supported). We are pushing for Microsoft to provide a formally supported method but until then this might do. Internally we more commonly refer to this process as Hybrid to A

Read article →
Apr 15, 2022

Office, Edge, and One Drive Settings for the Enterprise!

So I have been asked about how to get those standard apps ready on most enterprise builds. These are simple, not to complicated not getting to crazy. Many admins make the mistake if there is a configuration I must configure it! This will lead to a world of pain, years of deploying Microsoft products has taught me to ta

Read article →
Apr 15, 2022

Device Configurations or Settings Catalog for the Enterprise?

In my time deploying enterprise ready windows builds around the world I have seen some pretty consistent configurations, which take us down a deep deep HOLE! of Group Policy.Group policy is a familiar tool to everyone in the windows management / admin space. For years we have bet our device security and reliability on

Read article →
Apr 15, 2022

Autopilot Profile Azure AD Join According to Me!

So I have had quite a few customers ask me about what I set when configuring autopilot profiles and why? For the sake of the post I will focus on Azure AD join mainly because Hybrid is a nightmare of complexity and I have found very few cases where Hybrid was the better choice, I always encourage start with Azure AD jo

Read article →
Mar 29, 2022

So yet another Bit locker blog post!

Bit locker is not a new technology it has been around for many years, and I remember the day of deploying MBAM for enterprises, and fighting with TPM preparation scripts and logic as well as firmware configurations before the technology was really standardized.

Read article →
Mar 29, 2022

So We Are Still Talking DNS Suffix for Azure AD Join Devices

So this was something which came up a few months back with a customer, we realized in many organizations DNS Search suffix is set by AD Group Policy or the DHCP scope using options. But when deploying an Azure AD join device without line of sight we may not get search suffix and after connecting VPN UNC paths and some

Read article →
Mar 28, 2022

OneDrive More Than Just Known Folder Redirection!

So a few years ago yes I said a few years ago, I had a customer ask if it were possible to Redirect more than just Desktop, Documents, and Pictures in OneDrive which is included natively in Known folder redirection? Interesting thought they, like many organizations have been using folder redirection of various folders

Read article →
Mar 28, 2022

MEM (Intune) PKCS Certificates End to End

So let's start by talking about certificated now certificates have been around an extremely long time and are not a new concept in most Enterprises today. In the past we would use services like NDES (Network Device Enrollment Service). For a great blog on NDES and how to deploy check out Jeff Gilberts Blog Link. For th

Read article →
Sep 29, 2021

Digging into Autopilot Diagnostics Page!

So l want to take some time to talk about a new Public Preview Feature call Windows Autopilot Diagnostics. This feature is replacing the existing get-autopilotgdiagnostics.ps1 script developed by the Autopilot Feature team. Diagnostics is critical to developing a successful Hybrid Azure AD join when troubleshooting ODJ

Read article →
Sep 28, 2021

Windows 11 Autopilot OOBE ESP Updates!

Now it's time to check out the ESP on Windows 11 through an Autopilot Deployment. In my environment I'm running on a Hyper-V VM so Network is already there so first boot goes straight into updates as expected. Nice fresh UI for windows 11.

Read article →
Sep 28, 2021

Windows 11 New OOBE Experience!

So I spent some time playing with Windows 11 Autopilot today and really liked the new out of box experience. And with that we have a new autopilot ESP as well. Here are my thoughts…

Read article →
Sep 27, 2021

Intune Trusted Site? Who Cares!

So trusted site is an important part of any enterprise environment. This policy controls the user experience, when accessing certain website allowing pass through authentication or SSO. Also allowing certain security controls to be bypassed for trusted sites such as Active X and various resource mappings. I'm not going

Read article →
Sep 27, 2021

What About Autopilot Dynamic Device Groups

So one critical part of any successful Autopilot process is targeting, we need a way of pointing our Autopilot Devices to the correct profiles. Now I always try to keep these down to a single profile for traditional AAD or even Hybrid if you have no choice, but you may want to dabble in auto deploy scenarios which will

Read article →
Aug 17, 2021

OneDrive for Business Auto Registration - Old School

So this is something I wrote quite some time ago, many folks configure OneDrive using the Administrative Templates in Intune, but old habits Die Hard. Below you will learn how to build a One Drive Profile to Auto Configure OneDrive under the current Logged on user using a Custom CSP and ADMX ingestion, very slick Proce

Read article →
Aug 17, 2021

Intune Configuring Windows Enrollment

There are a lot of guides out there for Microsoft Intune, this one is going to be focused at Windows Management primarily around Azure AD Join, replacing much of the on-premise functionality to provide a Modern approach to Windows Management.I always start at the Windows Enrollment you can find this section under Devic

Read article →
Aug 17, 2021

Configuring Windows Enrolment Status Page (ESP)

The ESP gives use the ability to hold the user as a designated screen, until our configurations are complete then allow the user access to their desktop once all configurations are complete. Below is an example on how I configure this with customers.

Read article →
Aug 13, 2021

What's this Mobility stuff in Azure Active Directory?

So a common misconfiguration I see is how customers configure the Mobility (MDM and MAM) in the Azure Resource Manager Portal. Where Azure AD join will still operate without this being configured, you will have inconsistent results leveraging Intune or other 3rd party MDM if this is not configured correctly.

Read article →
Aug 12, 2021

Ensuring Your Tenant is Ready for Azure AD Join

So I have been asked a few times to walk through a customer's environment ensuring everything is in place for Azure AD join Scenarios. Most Azure AD Tenants come pre-configured for Azure AD Join, but Here are a few of the configurations to what out for and why they are important.

Read article →
Aug 11, 2021

Always start with Azure AD Join

So this has been an interesting debate for the past few years as I have worked with various customer working towards a modern approach to Windows 10. Whether modern means Hybrid or Full Azure AD Join. In this Blog I will talk about rational of Azure AD vs Hybrid and in future Blogs on how I achieve an Enterprise Ready

Read article →
Jul 16, 2021

Hello

I have spent the last 5 years as a Microsoft Customer Engineer working with organization around the globe adopt a MODERN approach to windows Deployment and Management. During this time I interacted with over 100 different companies and environments making this journey. This Blog will be the outcomes of much of that exp

Read article →
No articles match that search yet.
Adam Nichols

Notes from Adam Nichols

Technology junkie, product manager and endpoint-management veteran sharing practical lessons from customer environments around the world.

About Adam